From 0693812e8b730b0307ec9f06eeaf4c7ef0b5ea00 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Sat, 7 Oct 2023 10:46:16 +0200
Subject: [PATCH] refactor: remove HstsConfig
This config object was originally ported from the HD1 config, but is not required anymore. HD2 does not support handling TLS anymore, so it does not make sense for it to set TLS-related headers. The reverse proxy terminating TLS can easily set HSTS headers.
Signed-off-by: David Mehren
---
 backend/src/app.module.ts | 2 --
 backend/src/config/hsts.config.ts | 51 -------------------------------
 docs/content/concepts/config.md | 4 ----
 3 files changed, 57 deletions(-)
 delete mode 100644 backend/src/config/hsts.config.ts
diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index ec5a0d5b3..8035ec71b 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -20,7 +20,6 @@ import cspConfig from './config/csp.config';
 import customizationConfig from './config/customization.config';
 import databaseConfig, { DatabaseConfig } from './config/database.config';
 import externalConfig from './config/external-services.config';
-import hstsConfig from './config/hsts.config';
 import mediaConfig from './config/media.config';
 import noteConfig from './config/note.config';
 import { eventModuleConfig } from './events';
@@ -80,7 +79,6 @@ const routes: Routes = [
 appConfig,
 noteConfig,
 mediaConfig,
- hstsConfig,
 cspConfig,
 databaseConfig,
 authConfig,
diff --git a/backend/src/config/hsts.config.ts b/backend/src/config/hsts.config.ts
deleted file mode 100644
index 1895000e8..000000000
--- a/backend/src/config/hsts.config.ts
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
- *
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-import { registerAs } from '@nestjs/config';
-import * as Joi from 'joi';
-
-import { buildErrorMessage, parseOptionalNumber } from './utils';
-
-export interface HstsConfig {
- enable: boolean;
- maxAgeSeconds: number;
- includeSubdomains: boolean;
- preload: boolean;
-}
-
-const hstsSchema = Joi.object({
- enable: Joi.boolean().default(true).optional().label('HD_HSTS_ENABLE'),
- maxAgeSeconds: Joi.number()
- .default(60 * 60 * 24 * 365)
- .optional()
- .label('HD_HSTS_MAX_AGE'),
- includeSubdomains: Joi.boolean()
- .default(true)
- .optional()
- .label('HD_HSTS_INCLUDE_SUBDOMAINS'),
- preload: Joi.boolean().default(true).optional().label('HD_HSTS_PRELOAD'),
-});
-
-export default registerAs('hstsConfig', () => {
- const hstsConfig = hstsSchema.validate(
- {
- enable: process.env.HD_HSTS_ENABLE,
- maxAgeSeconds: parseOptionalNumber(process.env.HD_HSTS_MAX_AGE),
- includeSubdomains: process.env.HD_HSTS_INCLUDE_SUBDOMAINS,
- preload: process.env.HD_HSTS_PRELOAD,
- },
- {
- abortEarly: false,
- presence: 'required',
- },
- );
- if (hstsConfig.error) {
- const errorMessages = hstsConfig.error.details.map(
- (detail) => detail.message,
- );
- throw new Error(buildErrorMessage(errorMessages));
- }
- return hstsConfig.value as HstsConfig;
-});
diff --git a/docs/content/concepts/config.md b/docs/content/concepts/config.md
index 0c699fa70..6af6760ad 100644
--- a/docs/content/concepts/config.md
+++ b/docs/content/concepts/config.md
@@ -31,9 +31,6 @@ The config of HedgeDoc is split up into **nine** different modules:
 `external-services.config.ts`
 : Which external services are activated and where can they be called

-`hsts.config.ts`
-: Configuration for [HTTP Strict-Transport-Security][hsts]
-
 `media.config.ts`
 : Where media files are being stored
@@ -96,6 +93,5 @@ Some config files also have a `.mock.ts` file which defines the configuration fo
 Those files just contain the default export and return the mock config object.

 [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
-[hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 [joi]: https://joi.dev/
 [joi-doc]: https://joi.dev/api